The financial sector invites every type of phishing attack, however, at the top of the list are data breaches and credential harvesting. When a hacker creates a phishing scam designed to capture a financial institution’s data, it might contain customer email addresses, account numbers, passwords, balances, credit card numbers, PINs, and more. The hacker can sell this data on the dark web, hold it for ransom (ransomware attack), or email all customers on the list and trick them into giving up their banking credentials. This phishing threat – known as credential harvesting - usually involves a phishing email suggesting they must log into their account for some sort of routine verification or even an emergency. The link usually takes the unsuspecting victim to a fake site that looks like their banking page but is really there to capture their information. The financial sector has also been known to receive a large amount of business email compromises or CEO impersonation phish. In these cases, they are usually trying to dupe someone into thinking they are transferring money, paying a vendor, or sharing sensitive information with a boss or colleague when in actuality, they’re delivering the goods right into the hands of a cybercriminal.